Quantum computing and cybersecurity: How to capitalize on opportunities and sidestep risks

Large-scale quantum computers will create new opportunities for improving cybersecurity but can also create exposures. Organizations can start preparing today.

Quantum cybersecurity: The positives and negatives

Large-scale quantum computers will significantly expand computing power, creating new opportunities for improving cybersecurity. Quantum-era cybersecurity will wield the power to detect and deflect quantum-era cyberattacks before they cause harm. But it could become a double-edged sword, as quantum computing may also create new exposures, such as the ability to quickly solve the difficult math problems that are the basis of some forms of encryption. While post-quantum cryptography standards are still being finalized, businesses and other organizations can start preparing today.

Here comes quantum computing

Quantum mechanics is a branch of physics that explores how the physical world works at a fundamental level. At the quantum level, particles can take on more than one state at the same time, and they can have their states correlated even when separated by a large distance. Quantum computing harnesses these quantum phenomena to process information in a profoundly new way. The worldwide market for quantum computing is predicted to be more than USD 10 billion by 2024.

Today’s classical computers use two primary classes of algorithms for encryption: symmetric and asymmetric.

• In symmetric encryption, the same key is used to encrypt and decrypt a given piece of data. The Advanced Encryption Standard (AES) is an example of a symmetric algorithm. Adopted by the US government, the AES algorithm supports three key sizes: 128 bits, 192 bits, and 256 bits. Symmetric algorithms typically are used for bulk encryption tasks, such as enciphering major databases, file systems, and object storage.

• In asymmetric encryption, data is encrypted using one key (usually referred to as the public key) and is decrypted using another key (usually referred to as the private key). Although the private key and public key are different, they are mathematically related. The widely employed Rivest, Shamir, Adleman (RSA) algorithm is an example of an asymmetric algorithm. Even though it is slower than symmetric encryption, asymmetric algorithms solve the problem of key distribution, which is an important issue in encryption.

Quantum risks to cybersecurity

The advent of quantum computing will lead to changes to encryption methods. Currently, the most widely used asymmetric algorithms are based on difficult mathematical problems, such as factoring large numbers, which can take thousands of years on today’s most powerful supercomputers.

However, research conducted by Peter Shor at MIT more than 20 years ago demonstrated the same problem could theoretically be solved in days or hours on a large-scale quantum computer. Future quantum computers may be able to break asymmetric encryption solutions that base their security on integer factorization or discrete logarithms.

Although symmetric algorithms are not affected by Shor’s algorithm, the power of quantum computing necessitates a multiplication in key sizes. For example, large quantum computers running Grover’s algorithm, which uses quantum concepts to search databases very quickly, could provide a quadratic improvement in brute-force attacks on symmetric encryption algorithms, such as AES.⁵

To help withstand brute-force attacks, key sizes should be doubled to support the same level of protection. For AES, this means using 256-bit keys to maintain today’s 128-bit security strength.

Even though large-scale quantum computers are not yet commercially available, initiating quantum cybersecurity solutions now has significant advantages. For example, a malicious entity can capture secure communications of interest today. Then, when large-scale quantum computers are available, that vast computing power could be used to break the encryption and learn about those communications.

Eclipsing its potential risks, quantum cybersecurity can provide more robust and compelling opportunities to safeguard critical and personal data than currently possible. It is particularly useful in quantum machine learning and quantum random number generation.


Bookmark this report  

Meet the authors

Walid Rjaibi

Connect with author:

, IBM Distinguished Engineer and Chief Technical Officer for Data Security, IBM Security

Sridhar Muppidi

Connect with author:

, IBM Fellow, Vice President and Chief Technical Officer, IBM Security

Mary O'Brien

Connect with author:

, General Manager, IBM Security

Download report translations

Originally published 18 July 2018